PT-2018-9540 · Influxdata+3 · Influxdb+3

Publicado

2018-12-13

Atualizado

2022-05-14

CVE-2018-1000816

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Grafana versions 5.2.4 and 5.3.0

Description The issue concerns a Cross Site Scripting (XSS) vulnerability in the Influxdb and Graphite query editor. This vulnerability can lead to the execution of arbitrary JavaScript code in the victim's browser. The attack is exploitable when an authenticated user clicks on the input field where the malicious payload was previously inserted.

Recommendations For Grafana version 5.2.4, update to a version that contains a fix for this issue. For Grafana version 5.3.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Influxdb and Graphite query editor to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2018-2838

CVE-2018-1000816

ECHO-E419-828F-5730

GHSA-X5FH-FVVR-892F

Produtos afetados

Alt Linux

Grafana

Graphite

Influxdb

PT-2018-9540 · Influxdata+3 · Influxdb+3

CVE-2018-1000816

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10